Linux and SpyWare?

Robin Laing Robin.Laing at drdc-rddc.gc.ca
Thu Feb 3 16:30:08 UTC 2005


Scot L. Harris wrote:
> On Wed, 2005-02-02 at 12:21, Tim Alberts wrote:
> 
>>Is Linux vulnerable to SpyWare and if so, what are some tools to deal
>>with it?  Any specific SpyWare tools, I don't mean hacking into iptables
>>manually.
> 
> 
> So far spyware for Linux systems has not been as much of a problem as it
> is for Windows.  You may still want to flush the cookies you collect (or
> disable them entirely, your choice); that seems to be one type of
> spyware that allows them to track you.
> 
> There are a couple of programs you may want to install.  
> 
> chkrootkit is a good one as well as rkhunter.  These look for
> indications that your system has been hacked and one of the many
> different root kits has been installed on your system.  Good to run
> periodically or if you suspect a problem.
> 
> Another good one is tripwire.  Tripwire generates a database that is
> used to look for changes on the system.  Once you have it set up
> completely it will run a report nightly looking for changes to critical
> files, both binaries and configuration files.  If any changes are
> detected it will report them to you and you can investigate further. 
> Takes some effort to set up correctly.  I have set up a filter that marks
> the reports as read or not read depending on if they are clean or not. 
> That way each morning I know immediately if something has changed on my
> system without having to even open up the report.  
> 
> Besides that, use good passwords, don't log in as root (use su - only when
> needed), use iptables, put a NAT/firewall between your LAN and the cable
> modem, and don't trust anyone.
> 
> Remember: Paranoia is not just a state of mind, it is a lifestyle.  :)
> 

It is impossible to totally eliminate cookies, but I use session 
cookies and this helps to keep the count down.  I do have my Mozilla 
set up to allow me to accept or refuse cookies as I prefer.  This 
limits some of the tracking.  Of course on some sites this is not 
allowed so I just go someplace else.

-- 
Robin Laing
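
The baseline-and-compare approach described above for tripwire, together with a clean/not-clean verdict line of the kind a mail filter can match, as an added example that is not part of the original thread and is not Tripwire's own code or database format. All function names, the sample file names and the subject-line wording are assumptions made for illustration.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Baseline database: {relative path: (sha256, permission bits, size)}."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):   # skip symlinks, devices, sockets
                continue
            with open(path, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            db[os.path.relpath(path, root)] = (digest, stat.S_IMODE(st.st_mode), st.st_size)
    return db

def compare(baseline, current):
    """Report paths added, removed or changed since the baseline was taken."""
    old, new = set(baseline), set(current)
    return {"added": sorted(new - old),
            "removed": sorted(old - new),
            "changed": sorted(p for p in old & new if baseline[p] != current[p])}

def subject(report):
    """One-line verdict a mail filter can match without opening the report."""
    count = sum(len(paths) for paths in report.values())
    return "integrity check: CLEAN" if count == 0 else f"integrity check: {count} CHANGED"

def _write(root, rel, data, mode):
    path = os.path.join(root, rel)
    with open(path, "wb") as f:
        f.write(data)
    os.chmod(path, mode)

def demo():
    """Constructed sample tree standing in for critical binaries and config files."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "login", b"binary-v1", 0o755)
        _write(root, "sshd_config", b"PermitRootLogin no\n", 0o600)
        _write(root, "motd", b"hello\n", 0o644)
        baseline = snapshot(root)
        clean = compare(baseline, snapshot(root))
        _write(root, "login", b"binary-v2", 0o755)          # same size, new content
        os.chmod(os.path.join(root, "sshd_config"), 0o644)  # same content, looser mode
        os.remove(os.path.join(root, "motd"))
        _write(root, "extra", b"new file\n", 0o755)
        return clean, compare(baseline, snapshot(root))

if __name__ == "__main__":
    for report in demo():
        print(subject(report), report)
```

A baseline is only trustworthy if it is kept somewhere an intruder on the host cannot rewrite it, such as read-only media or another machine.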



